kubeeye/checks/insecureCapabilities.yaml

32 lines
765 B
YAML
Raw Normal View History

2020-12-25 17:20:10 +08:00
#successMessage: Container does not have any insecure capabilities
promptMessage: Container should not have insecure capabilities
2020-12-16 16:36:47 +08:00
category: Security
target: Container
schema:
'$schema': http://json-schema.org/draft-07/schema
type: object
properties:
securityContext:
type: object
properties:
capabilities:
type: object
properties:
add:
enum:
- CHOWN
- DAC_OVERRIDE
- FSETID
- FOWNER
- MKNOD
- NET_RAW
- SETGID
- SETUID
- SETFCAP
- SETPCAP
- NET_BIND_SERVICE
- SYS_CHROOT
- KILL
- AUDIT_WRITE